## https://sploitus.com/exploit?id=82074B46-B5C8-53DB-AA7A-DD85E4651957
# Exploit Tracker (Go)
A small Go CLI that polls the public [PoC-in-GitHub](https://poc-in-github.motikan2010.net)
feed for **new** CVE exploits and reports them to a Discord webhook, a local JSON file, or stdout.
```
____ _ _____ _
| __ ) __ _ __| |_ _|__ ___ | |___
| _ \ / _` |/ _` | | |/ _ \ / _ \| / __|
| |_) | (_| | (_| | | | (_) | (_) | \__ \
|____/ \__,_|\__,_| |_|\___/ \___/|_|___/
```
## Install
```bash
git clone https://github.com/RemmyNine/exploittracker.git
cd exploittracker
go build -o bin/exploittracker ./cmd/exploittracker
```
## Usage
```bash
# one-shot scan
./bin/exploittracker
# watch mode
./bin/exploittracker --watch --interval 30m --webhook https://discord.com/api/webhooks/...
# look up a single CVE
./bin/exploittracker --search CVE-2024-1234
# save the lookup to a file
./bin/exploittracker --search CVE-2024-1234 --output report.txt
# create an empty baseline (so the next run only reports *new* CVEs)
./bin/exploittracker --init
```
Run `./bin/exploittracker -h` for the full flag list and examples.
## How it works
1. Fetches the last *N* CVEs from the upstream feed (default 100).
2. Compares them against a local baseline file (`db.txt` by default).
3. Fetches full details for any **new** CVE IDs in parallel.
4. Writes them to `exploits.json` (default) and/or posts a Discord embed.
The first run seeds `db.txt`; subsequent runs only report the diff.
## Output
### `exploits.json`
```json
{
"generated_at": "2025-01-04T12:34:56Z",
"count": 2,
"cves": [
{
"cVE": "CVE-2024-1111",
"description": "Cross-site scripting ...",
"exploits": [
"https://github.com/u/r/blob/main/x.py"
]
}
]
}
```
### Discord embed
For each new CVE the bot posts an embed titled `New exploit for CVE-...` with `CVE`,
`Description`, and `Exploits` fields. Embed color is chosen from the description
(RCE โ red, XSS โ orange, โฆ).
## Configuration
| Flag | Env var | Default |
|------------------|------------------|-----------------------------------------------|
| `--db` | - | `db.txt` |
| `--output` | - | `exploits.json` |
| `--webhook` | `ET_WEBHOOK` | *(empty)* |
| `--log-webhook` | `ET_LOG_WEBHOOK` | *(empty)* |
| `--workers` | `ET_WORKERS` | `4` |
| `--limit` | `ET_LIMIT` | `100` |
| `--interval` | `ET_INTERVAL` | `5m` (watch only) |
| `--base-url` | `ET_BASE_URL` | `https://poc-in-github.motikan2010.net` |
| `--no-save` | - | `false` |
| `--no-color` | `ET_NO_COLOR` | `false` |
## Project layout
```
exploittracker/
โโโ cmd/exploittracker/main.go # CLI
โโโ internal/
โ โโโ api/ # HTTP client (retries, context, 429-aware)
โ โโโ models/ # CVE type, validation, sanitisation
โ โโโ storage/ # Atomic file I/O, JSON
โ โโโ tracker/ # Diff + orchestration
โ โโโ webhook/ # Discord client
โ โโโ ui/ # Progress, table, banner
โโโ Makefile
โโโ README.md
```
## Development
```bash
make build # build the binary
make test # run all unit tests (56 tests across 6 packages)
make vet # go vet
make clean # remove ./bin
```
Tests follow TDD: each `*_test.go` was written before the code it covers.
### Note for Windows users
`go test` may fail with *"Access is denied"* because Windows Defender locks the
test binary in `%TEMP%`. The `make test` target works around this by compiling
the binary to `./bin/` and running it directly. From PowerShell:
```powershell
Get-ChildItem -Recurse -Path .\internal -Filter *_test.go |
ForEach-Object {
$pkg = $_.Directory.Name
go test -c -o "bin\$pkg.test.exe" ".\internal\$pkg\"
& ".\bin\$pkg.test.exe"
}
```
## License
MIT.